Skip to content

Commit

Permalink
Merge branch 'xcp-ng:master' into cpu-limits
Browse files Browse the repository at this point in the history
  • Loading branch information
thomas-dkmt authored Nov 12, 2024
2 parents 10e241d + 5e35fda commit d6935a6
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 3 deletions.
21 changes: 20 additions & 1 deletion docs/compute.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ sidebar_position: 8

# Compute and GPU

This section is dedicated to compute related things, from Xen to GPU/vGPU or PCI passthrough.
This section is dedicated to compute related things, like GPU/vGPU or PCI passthrough, nested virtualization or advanced Xen features.

## 🔗 PCI Passthrough

Expand Down Expand Up @@ -251,6 +251,25 @@ Then run
xe pusb-scan host-uuid=<host_uuid>
```

## 📦 Nested Virtualization

Nested virtualization is the ability to run a hypervisor within another hypervisor. For example, running XCP-ng inside a VM that itself runs on XCP-ng.

This feature is useful for testing purposes and is also required for certain advanced features in Windows guests, such as containers (note: containers on Linux do not require nested virtualization).

Unfortunately, Xen currently does not support nested virtualization. It is a desired feature for both the Xen Project and XCP-ng, but its implementation is still pending. You can find technical details in this Xen Summit talk: [part 1](https://www.youtube.com/watch?v=8jKGYY1Bi_o) and [part 2](https://www.youtube.com/watch?v=3MxWvVTmY1s).

In the past, partial nested virtualization was implemented in Xen. However, it was experimental and insecure (with risks such as host crashes or worse) and, therefore, was not officially supported. Following a necessary rework of Xen's codebase, the limited functionality that existed was removed until it could be properly reimplemented.

**But I saw it working!**

Xen Orchestra previously offered a "Nested Virtualization" toggle in a VM's advanced settings without warning users of its unsupported status. This led users to believe it was a supported feature. As a result, when this functionality was completely removed from XCP-ng 8.3 (and XenServer 8), it came as a surprise. Xen Orchestra has since been updated to clarify the unsupported status of nested virtualization.

**But I really need it!**

We understand the use cases that necessitate nested virtualization and are committed to making this feature available in a supported form in the future. Until it is implemented, there is unfortunately no supported way to enable it.


## 🐼 Advanced Xen

This section is dedicated to advanced Xen use cases. Use it with caution!
Expand Down
4 changes: 2 additions & 2 deletions docs/releases/release-8-3.md
Original file line number Diff line number Diff line change
Expand Up @@ -389,9 +389,9 @@ Key operating systems that are no longer supported:

### Nested virtualization (though not on purpose)

Upgrading Xen from version 4.13 to version 4.17 had a lot of benefits, but it came with one drawback: nested virtualization, which had always been experimental but was at least working in some useful situations (such as testing XCP-ng inside XCP-ng), is now non-functional due to fundamental changes in the codebase.
Upgrading Xen from version 4.13 to version 4.17 had a lot of benefits, but it came with one potential drawback: nested virtualization, which had always been experimental, unsupported and insecure (risks for the host), but was at least somewhat working in some useful situations (such as testing XCP-ng inside XCP-ng), is now entirely non-functional due to fundamental changes in the codebase.

What needs to be done in the codebase for complete nested virtualization support was explained to the Xen developer community during XenSummit by Georges Dunlap ([part 1](https://youtu.be/8jKGYY1Bi_o) and [part 2](https://youtu.be/3MxWvVTmY1s) on Youtube), but it's not a small task, so we don't know at the moment when nested virtualization will be fully implemented. We'll keep you posted on our blog. If you really need it, stay on XCP-ng 8.2 for now.
What needs to be done in the codebase for proper nested virtualization support was explained to the Xen developer community during XenSummit by Georges Dunlap ([part 1](https://youtu.be/8jKGYY1Bi_o) and [part 2](https://youtu.be/3MxWvVTmY1s) on Youtube), but it's not a small task, so we don't know at the moment when nested virtualization will be fully implemented. We'll keep you posted on our blog. If you really need it in its previous incomplete state and still want to use it despite its unsupported status and the security implications, stay on XCP-ng 8.2 for now.

### AMD MxGPU driver

Expand Down

0 comments on commit d6935a6

Please sign in to comment.